WannaCry Explained

May 2017

CSG Privacy & Data Security Law Alert

As we all have heard since Friday afternoon, May 12, 2017, over 200,000 machines in 150 countries have been infected by the WannaCry ransomware worm.

Worms are capable of self-replication across an internal network once a gateway machine is infected. There is no requirement for a user to open an email or an unsolicited file. Thus, unlike viruses, the worm can spread rapidly; and quarantining affected computers and networks is very difficult.

A virus, unlike a worm, is the type of malware that can only be spread through unsolicited emails and links. While companies and people can “train” to be wary of such links, worms exploit security gaps in existing software. And if a system is not properly patched against the particular vulnerability, this is how the worm gets in.

The best defense to worms is to apply patches as and when they are released (in other words, do not hit “remind me later” or disregard security updates from your vendor). Before you apply a patch, confirm with the source that it is indeed a legitimate patch – and not another exploit. Once confirmed, however, hit “install” to protect your systems.

As to the WannaCry worm, please confer with your IT Department or your IT vendor for more information.